No News Is Good News for CUs on Anonymous May 7 Hit List

The hackers group Anonymous had apparently not made good by late Tuesday afternoon on its promise to take down nine major government websites and 133 financial institution sites – including 12 large credit unions – in what it called “OpUSA.”

Representatives from credit unions on the target list, published April 24 on Pastebin, said they had not experienced any website disruptions as a result of the threated Distributed Denial of Service attacks.

And an executive at a major Internet security operation, which includes several hundred credit unions on its extensive client list, said, "The research community is not seeing any activity toward the financial community yet."

Todd Camp, marketing communications analyst at the $5.6 billion American Airlines FCU of Fort Worth, Texas said his 241,000-member cooperative has not, so far, experienced any problems.

It’s the same story at the $27 billion State Employees’ Credit Union of Raleigh, N.C., according to President/CEO Jim Blaine, who said his credit union’s systems are normal.

Teresa Halleck, president/CEO of the $6.2 billion San Diego County Credit Union, reported her credit union has not experienced anything out of the ordinary. However, Halleck said she’s not just focused on May 7.

“With today being the announced date, everybody gears up for today,” she said, “but it could happen any day. So, we are maintaining a state of awareness.”

NCUA Public Affairs Specialist John Fairbanks said staffers work with any known targeted credit unions to determine whether they have in place mitigation processes, a communications plan in the event of a prolonged outage, and procedures for monitoring and logging possible attacks.

The regulator has also provided information about different forms of malware used by hackers, as well as the possible paths of attack, such as email attachments, that could be used.

Fairbanks referenced a risk alert sent to federally insured credit unions in February that provided steps to manage the risk posed by cyber attacks and monitor threats.

“Cyber security has been an important area of focus for NCUA,” he said.

DDoS attacks disrupt a website or render it inoperable by flooding its server with communication requests. At least two credit unions – Patelco CU in California and University FCU in Texas – were hit in recent attacks claimed by a group calling itself the al-Qassam Cyber Fighters.

According to USA Today"CyberTruth" blogger Byron Acohido, what "unfolded (Tuesday was) a flurry of defacements of random government and commercial websites around the globe. It appears none of these defacements affected organizations on the OpUSA list of targets. Most of the sites defaced thus far have no connection to the U.S. These includes commercial websites in Europe, South America and even China."

Acohido quoted Marty Meyer, president of Corero Network Security, as saying, "This does not seem to be a very well-coordinated effort and seems to be a disparate group of individual hackers who are probing and looking for web apps that have vulnerabilities.

"There is also a good possibility that the attacks are only loosely linked to Anonymous in order to generate attention."